
Posted (edited)

Hi everyone,

I have an application named "gendel32.exe" on my hard drive.

Does anyone know what it is?

When I click on it: nothing.

Should I delete it?

Thanks for your help

Edited by may

Posted

Good evening,

You haven't given the full path....

Go to this link: Virus Total

  • Click the Browse... button
  • Browse through your folders to this file, if you find it:

  • gendel32.exe

  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • Let the site work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis has finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click this image: txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important that you send me the result of the whole analysis.

Your security tools may react when the file is sent, in which case you will have to make them ignore the alerts.

++

Posted (edited)

Good evening Appolo,

You haven't given the full path....

There, when I open local disk C I see it like this

http://ups.imagup.com/10/1273724842.jpg

As for the result of the analysis of this file:

Fichier gendel32.exe reçu le 2010.05.12 14:50:06 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.05.10 -

AhnLab-V3 2010.05.12.01 2010.05.12 Win-AppCare/Gendel.53248

AntiVir 8.2.1.236 2010.05.12 -

Antiy-AVL 2.0.3.7 2010.05.12 RiskTool/Win32.PsKill.gen

Authentium 5.2.0.5 2010.05.12 W32/Trojan!00e9

Avast 4.8.1351.0 2010.05.12 -

Avast5 5.0.332.0 2010.05.12 -

AVG 9.0.0.787 2010.05.12 -

BitDefender 7.2 2010.05.12 -

CAT-QuickHeal 10.00 2010.05.12 -

ClamAV 0.96.0.3-git 2010.05.12 VirTool.Gendel.A

Comodo 4828 2010.05.12 TrojWare.Win32.HackTool.Gendel.A

DrWeb 5.0.2.03300 2010.05.12 Tool.Gendel

eSafe 7.0.17.0 2010.05.11 Win32.Banker

eTrust-Vet 35.2.7483 2010.05.12 -

F-Prot 4.5.1.85 2010.05.12 W32/Trojan!00e9

F-Secure 9.0.15370.0 2010.05.12 -

Fortinet 4.1.133.0 2010.05.12 HackerTool/Generic.8315

GData 21 2010.05.12 -

Ikarus T3.1.1.84.0 2010.05.12 -

Jiangmin 13.0.900 2010.05.12 -

Kaspersky 7.0.0.125 2010.05.12 -

McAfee 5.400.0.1158 2010.05.12 -

McAfee-GW-Edition 2010.1 2010.05.12 -

Microsoft 1.5703 2010.05.12 -

NOD32 5108 2010.05.12 Win32/HackTool.Gendel.A

Norman 6.04.12 2010.05.12 -

nProtect 2010-05-12.01 2010.05.12 Trojan-Spy/W32.HackTool.53248

Panda 10.0.2.7 2010.05.11 HackTool/Gendel.A

PCTools 7.0.3.5 2010.05.12 -

Prevx 3.0 2010.05.12 High Risk Worm

Rising 22.47.02.04 2010.05.12 -

Sophos 4.53.0 2010.05.12 -

Sunbelt 6294 2010.05.12 -

Symantec 20101.1.0.89 2010.05.12 -

TheHacker 6.5.2.0.279 2010.05.11 Aplicacion/Riskware.Tool.Gendel

TrendMicro 9.120.0.1004 2010.05.12 -

TrendMicro-HouseCall 9.120.0.1004 2010.05.12 -

VBA32 3.12.12.4 2010.05.12 -

ViRobot 2010.5.12.2312 2010.05.12 -

VirusBuster 5.0.27.0 2010.05.12 HackTool.Gendel.A

 

Information additionnelle

File size: 53248 bytes

MD5...: 35bc2808ed08326dac79dc41cdf3d61c

SHA1..: 54183157469a030b362bb6d5d6e3b56315d6c0e8

SHA256: 32e8e5edba4aacb769eac1266c360b4abe096566dda199d2fc2e0ac1fffe3208

ssdeep: 1536:vxqZKzqNRoQcIQSDZoIwMPtHy/9H44tsu0:OSeRoQhDaIrti4nu0

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xab7c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x9cc8 0x9e00 6.43 08dfd3181c12909f79368832e9f1f7f8
DATA 0xb000 0x2f0 0x400 2.83 066e091049e8836cdcbb3df3c0bc7c3f
BSS 0xc000 0x5e1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd000 0x7c4 0x800 4.48 3245879556ee3c975247e9a77dfbe6a7
.tls 0xe000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xf000 0x18 0x200 0.20 c9f2b5ffa25a8ec9faf6e22605af4996
.reloc 0x10000 0xc98 0xe00 6.29 346bf1a70b5e09fb36d44c43940b8be3
.rsrc 0x11000 0x1200 0x1200 3.58 6cebf1c26a51ab87d5d09f9f1dc3c7d5

( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
> kernel32.dll: WriteFile, VirtualQuery, SetFilePointer, SetEndOfFile, ReadFile, MoveFileExA, GetWindowsDirectoryA, GetVersionExA, GetThreadLocale, GetShortPathNameA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentThreadId, GetCPInfo, FormatMessageA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, DeleteFileA, CreateFileA, CompareStringA, CloseHandle
> user32.dll: TranslateMessage, PeekMessageA, MessageBoxA, LoadStringA, GetSystemMetrics, DispatchMessageA

( 0 exports )

RDS...: NSRL Reference Data Set
-

trid..: Win32 Executable Borland Delphi 5 (61.3%)
Win32 Executable Borland Delphi 3 (35.6%)
Win32 Executable Generic (1.1%)
Win32 Dynamic Link Library (generic) (1.0%)
Win16/32 Executable Delphi generic (0.2%)

pdfid.: -

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://info.prevx.com/aboutprogramtext.asp?PX5=CA38EE54009DEE66D036004F3FA4D3006F9CDC81

 


 

 

 

 

Thanks

Edited by may
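Added example (not part of the original thread): a small Python parser for the text report pasted above, which separates the engines that flagged the file from those that returned "-" and groups the vendor labels. The row layout (engine, version, signature date, result) is taken from the pasted report; the function names and the keyword lists used to bucket labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpt of the report pasted in this thread, kept in its original layout:
# engine, engine version, signature date, result ("-" means no detection).
# The header and the "File size" line are included to show they are skipped.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.12.01 2010.05.12 Win-AppCare/Gendel.53248
Antiy-AVL 2.0.3.7 2010.05.12 RiskTool/Win32.PsKill.gen
Authentium 5.2.0.5 2010.05.12 W32/Trojan!00e9
Comodo 4828 2010.05.12 TrojWare.Win32.HackTool.Gendel.A
eSafe 7.0.17.0 2010.05.11 Win32.Banker
Kaspersky 7.0.0.125 2010.05.12 -
NOD32 5108 2010.05.12 Win32/HackTool.Gendel.A
Prevx 3.0 2010.05.12 High Risk Worm
ViRobot 2010.5.12.2312 2010.05.12 -

File size: 53248 bytes
"""

# Engine and version never contain spaces; the date is always YYYY.MM.DD;
# the result is the rest of the line and may contain spaces ("High Risk Worm").
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Assumed keyword buckets. Tool-class hints are checked first because some
# vendors combine both ideas in one label (e.g. "TrojWare...HackTool...").
TOOL_HINTS = ("hacktool", "hackertool", "risktool", "riskware",
              "virtool", "appcare", "tool.")
MALWARE_HINTS = ("trojan", "worm", "banker", "spy")


def parse_report(text):
    """Return one dict per engine row; non-row lines are ignored."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # header, blank line, or "Information additionnelle" field
        engine, version, updated, result = match.groups()
        rows.append({
            "engine": engine,
            "version": version,
            "updated": updated,
            "label": None if result == "-" else result,
        })
    return rows


def classify(label):
    """Bucket a vendor label using the assumed keyword lists above."""
    low = label.lower()
    if any(hint in low for hint in TOOL_HINTS):
        return "tool/riskware"
    if any(hint in low for hint in MALWARE_HINTS):
        return "malware"
    return "other"


def summarize(rows, family="gendel"):
    """Detection ratio, label classes, and engines that name the family."""
    hits = [row for row in rows if row["label"]]
    classes = Counter(classify(row["label"]) for row in hits)
    named = sorted(row["engine"] for row in hits
                   if family in row["label"].lower())
    return {
        "engines": len(rows),
        "flagged": len(hits),
        "classes": dict(classes),
        "family_named": named,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"{summary['flagged']}/{summary['engines']} engines flagged the file")
    print("label classes:", summary["classes"])
    print("engines naming the family:", ", ".join(summary["family_named"]))
```

On this excerpt, four of the seven hits are tool/riskware-class names and three are generic malware-style names; vendor labels are hints for triage, not a verdict on their own.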

Posted

Good evening,

Download Malwarebytes' Anti-Malware (MBAM)

If MBAM is already installed, go straight to the update and then to the scan.

This software is worth keeping.

Only if you have trouble updating:

Download MBAM updates

Run the file after installing MBAM

Connect removable media (USB sticks, etc.) before starting the scan.

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update has finished, go to the "Scan" tab.
  • Select "Run a full scan"
  • Click "Scan"
  • The analysis starts; the scan is relatively long, which is normal.
  • At the end of the analysis, a message is displayed:
    The scan finished normally. Click 'Show results' to display all the objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show results.
    Select everything (or leave it ticked) and click Remove selection; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart the PC, do so.

!!! Do not empty the MBAM quarantine without advice !!! (in case of false positives, which are always possible.)

Download Hijackthis 2.0.4 and save it to the desktop.

On XP, double-click the icon

On Vista, right-click the icon / run as administrator.

Click "Scan".

Then click "Save log"; a text file with the report should open.

Save the text file to the desktop.

Right-click on the open text, right-click again, then click "Copy".

Paste the result in your reply, please.

@++

Posted

Good evening apollo,

Here is the report

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4097

 

Windows 5.1.2600 Service Pack 1

Internet Explorer 6.0.2800.1106

 

14/05/2010 00:11:45

mbam-log-2010-05-14 (00-11-45).txt

 

Type d'examen: Examen complet (C:\|D:\|E:\|H:\|)

Elément(s) analysé(s): 197203

Temps écoulé: 1 heure(s), 58 minute(s), 5 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 36

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\abu showg 2.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adobe photoshop 8.0 me.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adobe_premiere .mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\autocad.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\frontpage.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\jehad.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\making_photoshop_styles.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\pcbook.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\runcommands.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wright-writing.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e90ff652-3dfe-4c20-8e22-1ae22cc7f71d} (Rogue.RegAdmin) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.

C:\Program Files\LuckyTender\1.3.0 (Adware.LuckyTender) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully.

C:\32788R22FWJFW\catchme.cfexe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Download\jehad.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F1361350-8DF0-4E64-A622-18BA5D877D54}\RP617\A0815978.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F1361350-8DF0-4E64-A622-18BA5D877D54}\RP632\A0837220.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.

C:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.

C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

 

 

 

 

The HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:27:02, on 14/05/2010

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\GizmoPlugin\GizmoPlugin.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichierscommuns\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Panicware\Pop-Up Stopper FreeEdition\PSFree.exe

C:\Program Files\The Cleaner\tcap.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Malika\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,StartPage = http://www.google.co.ma/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,StartPage = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,LocalPage =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,LocalPage =

R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName = Liens

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart WebPrinting\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart WebPrinting\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichierscommuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ProgramFiles\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin forInternet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programfiles\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\ProgramFiles\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichierscommuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVirDesktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichierscommuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSNMessenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\ProgramFiles\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"

O4 - HKCU\..\Run: [tcactive] C:\Program Files\TheCleaner\tcap.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel -res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec StarDownloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\ProgramFiles\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for InternetExplorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\InternetExplorer\SkypeIEPlugin.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\SmartWeb Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\ProgramFiles\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\InternetExplorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE(file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ProgramFiles\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B125A2F-736A-4314-AD0F-7EB0AD267798}: NameServer = 62.251.229.22362.251.229.237

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\ProgramFiles\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - AviraGmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Service d'administration du Gestionnaire dedisque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) -Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gizmo VoIP Service (Gizmo Plugin) -SIPphone, Inc. - C:\ProgramFiles\GizmoPlugin\GizmoPlugin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) -Macrovision Corporation - C:\Program Files\Fichierscommuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG- C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknownowner - C:\Program Files\Fichiers communs\MacromediaShared\Service\Macromedia Licensing.exe

O23 - Service: The Cleaner 2011 Helper Service (moohelp) -MooSoft Development LLC - C:\Program Files\TheCleaner\mhelper.exe

O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe

O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknownowner - C:\WINDOWS\system32\netdde.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner -C:\WINDOWS\system32\services.exe

O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner -C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) -Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) -Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Malika/Mes%20documents/mariam%20nour%20doc/????%20???%20-%20???%20?%20????_files/yingow.gif

O24 - Desktop Component 2: YouTube - casa crew -hé 3chiri live mks -

 

--

End of file - 10198 bytes

 

 

 

As for gendel 32, it is still on drive C !!!

Thanks for your help :P

Posted

Hello,

As for gendel 32, it is still on drive C !!!

Delete it.

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.

    Important:
    * On Vista: the file must be launched via right-click -> Run as administrator

    * On Windows 7: put the RSIT.exe file on the desktop, right-click it and, in Properties, Compatibility tab, tick the box "Run this program in compatibility mode for", choose Vista SP2 in the menu, and tick the box under Privilege level.
    Confirm with Apply.

  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the analysis has finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimised in the Taskbar).

++

Posted

Hello

Here it is

 

Logfile of random's system information tool 1.07 (written by random/random)

Run by Computer at 2010-05-14 13:05:26

Microsoft Windows XP Professionnel Service Pack 1

System drive C: has 6 GB (29%) free of 20 GB

Total RAM: 159 MB (7% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:06:53, on 14/05/2010

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\GizmoPlugin\GizmoPlugin.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

C:\Program Files\The Cleaner\tcap.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Malika\Bureau\RSIT.exe

C:\Documents and Settings\Malika\Bureau\Computer.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ma/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"

O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B125A2F-736A-4314-AD0F-7EB0AD267798}: NameServer = 62.251.229.223 62.251.229.237

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files\The Cleaner\mhelper.exe

O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe

O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Malika/Mes%20documents/mariam%20nour%20doc/????%20???%20-%20???%20?%20????_files/yingow.gif

O24 - Desktop Component 2: YouTube - casa crew -hé 3chiri live mks -

 

--

End of file - 10246 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]

HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2010-01-06 329312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]

WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1274016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364]

 

{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1274016]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CrazyTalk Serve"=C:\WINDOWS\System32\CrazyTalk.dll [2009-08-07 983040]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-01-06 198160]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-09-04 6856704]

"PopUpStopperFreeEdition"=C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [2003-04-29 524288]

"tcactive"=C:\Program Files\The Cleaner\tcap.exe [2010-03-29 2951680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

C:\Program Files\AdVantage\AdVantage.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe [2009-02-03 1004544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FortKnoxPersonalFirewall]

C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-08-28 208953]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Ahead\InCD\InCD.exe [2005-01-27 1381376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-09-04 6856704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe [2005-02-26 212992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2003-04-29 524288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

D:\program files\Spybot - Search & Destroy\TeaTimer.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-01-06 198160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[41c7095795dcdfc1abc45c36bcc10a7eba2924ef]]

C:\Documents and Settings\Malika\Mes documents\sad.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[f500ca1593dc4c16ed35f43546e20a5a50e8b03a]]

C:\Documents and Settings\Malika\Bureau\musica.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]

C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-02-16 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-02-16 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

C:\PROGRA~1\Menara\dslmon.exe [2006-02-03 966756]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EyeLoveU.lnk]

C:\WINDOWS\Installer\{44526086-6CF2-4C15-AE8C-DA4893F82B60}\Icon44526086.exe [2008-03-16 19456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malika^Menu Démarrer^Programmes^Démarrage^Yahoo! Widgets.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ERSvc"=2

"RDSessMgr"=3

"mnmsrvc"=3

"wuauserv"=2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7dc25c0-de93-11da-b8b6-806d6172696f}]

shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

 

 

======List of files/folders created in the last 1 months======

 

2010-05-14 13:05:26 ----D---- C:\rsit

2010-05-13 21:47:00 ----D---- C:\Documents and Settings\Malika\Application Data\Malwarebytes

2010-05-13 21:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-05-13 21:46:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-05-11 20:38:55 ----D---- C:\Documents and Settings\Malika\Application Data\Summitsoft

2010-05-11 20:18:31 ----D---- C:\WINDOWS\Logo Design Studio Trial

2010-05-11 20:18:30 ----D---- C:\Program Files\Summitsoft

2010-05-11 20:17:23 ----A---- C:\WINDOWS\Logo Design Studio Trial Setup Log.txt

2010-05-07 18:18:17 ----A---- C:\WINDOWS\Speed Video Converter.INI

2010-05-07 18:14:26 ----D---- C:\speed_converter

2010-05-05 17:04:45 ----A---- C:\gendel32.exe

2010-05-05 16:46:00 ----A---- C:\WINDOWS\System32\cpumeter.dll

2010-05-05 16:45:59 ----A---- C:\WINDOWS\System32\kernel.dll

2010-05-04 17:16:23 ----D---- C:\Documents and Settings\Malika\Application Data\Auslogics

2010-05-04 17:16:06 ----D---- C:\Program Files\Auslogics

2010-05-04 14:52:29 ----D---- C:\Program Files\Sog_Video_Converter_Platium

2010-05-03 18:55:26 ----D---- C:\Program Files\WOT

2010-04-25 14:42:09 ----D---- C:\Program Files\SpywareBlaster

2010-04-23 12:53:14 ----D---- C:\WINDOWS\XSxS

2010-04-23 12:53:14 ----D---- C:\Program Files\Xenocode

2010-04-19 23:14:22 ----D---- C:\Documents and Settings\Malika\Application Data\thecleaner

2010-04-19 23:12:45 ----D---- C:\Program Files\The Cleaner

2010-04-17 22:46:32 ----D---- C:\Documents and Settings\Malika\Application Data\vlc

2010-04-17 22:39:57 ----D---- C:\Program Files\VideoLAN

2010-04-16 18:06:11 ----D---- C:\Program Files\Avira

2010-04-16 17:34:36 ----HD---- C:\WINDOWS\msdownld.tmp

2010-04-16 17:30:36 ----D---- C:\Program Files\ConvertHelper

2010-04-16 17:30:11 ----D---- C:\Program Files\Xvid

2010-04-15 23:34:29 ----D---- C:\Program Files\Star Downloader

 

======List of files/folders modified in the last 1 months======

 

2010-05-14 13:05:16 ----D---- C:\WINDOWS\Prefetch

2010-05-14 00:57:35 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-05-14 00:14:30 ----D---- C:\WINDOWS\System32\drivers

2010-05-14 00:11:44 ----D---- C:\WINDOWS\system32

2010-05-14 00:11:44 ----D---- C:\Program Files

2010-05-13 22:02:50 ----SHD---- C:\WINDOWS\Installer

2010-05-13 22:02:43 ----HD---- C:\Config.Msi

2010-05-13 21:59:25 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-05-13 21:55:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-05-13 21:53:53 ----D---- C:\Program Files\Adobe

2010-05-13 19:11:31 ----D---- C:\WINDOWS\temp

2010-05-12 16:03:58 ----D---- C:\WINDOWS\Favoris

2010-05-12 13:52:06 ----A---- C:\WINDOWS\IE4 Error Log.txt

2010-05-12 00:46:13 ----D---- C:\WINDOWS\Help

2010-05-11 20:18:59 ----RSD---- C:\WINDOWS\Fonts

2010-05-11 20:18:31 ----D---- C:\WINDOWS

2010-05-10 15:20:16 ----D---- C:\Documents and Settings\Malika\Application Data\Skype

2010-05-10 15:09:38 ----D---- C:\Documents and Settings\Malika\Application Data\skypePM

2010-05-10 14:03:05 ----D---- C:\WINDOWS\System32\CatRoot2

2010-05-09 22:57:25 ----A---- C:\WINDOWS\NeroDigital.ini

2010-05-09 21:45:32 ----D---- C:\Program Files\NCH Swift Sound

2010-05-09 21:43:11 ----D---- C:\Program Files\Arovax AntiSpyware

2010-05-06 18:10:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-05-06 15:18:43 ----D---- C:\Documents and Settings\Malika\Application Data\Uniblue

2010-05-05 17:04:45 ----A---- C:\WINDOWS\wininit.ini

2010-05-03 18:55:46 ----SD---- C:\Documents and Settings\Malika\Application Data\Microsoft

2010-05-01 19:11:52 ----A---- C:\WINDOWS\System32\TubeFinder.exe

2010-05-01 00:21:59 ----D---- C:\Program Files\Smarty Uninstaller Pro

2010-04-23 22:47:39 ----D---- C:\hijackthis

2010-04-19 22:32:47 ----D---- C:\Program Files\Mozilla Firefox

2010-04-17 22:11:32 ----D---- C:\WINDOWS\System32\CatRoot

2010-04-16 18:06:11 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2010-04-16 18:03:04 ----D---- C:\WINDOWS\WinSxS

2010-04-16 17:36:36 ----D---- C:\WINDOWS\System32\config

2010-04-16 17:36:12 ----D---- C:\WINDOWS\System32\wbem

2010-04-16 17:36:09 ----D---- C:\WINDOWS\Registration

2010-04-16 17:35:33 ----D---- C:\Documents and Settings\Malika\Application Data\FlashGetBHO

2010-04-16 17:35:32 ----D---- C:\Documents and Settings\Malika\Application Data\BITS

2010-04-16 17:35:02 ----D---- C:\Documents and Settings\Malika\Application Data\FlashgetSetup

2010-04-16 17:34:50 ----SHD---- C:\found.000

2010-04-16 17:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2010-04-16 17:33:55 ----HD---- C:\WINDOWS\inf

2010-04-16 17:33:44 ----DC---- C:\WINDOWS\System32\DRVSTORE

2010-04-16 17:32:10 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-04-16 17:30:50 ----D---- C:\Program Files\Avira(2)

2010-04-16 17:29:52 ----D---- C:\Download

2010-04-16 17:29:51 ----D---- C:\Documents and Settings\Malika\Application Data\Adobe

2010-04-16 17:29:39 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]

R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-27 28928]

R1 incdrm;InCD Reader; C:\WINDOWS\System32\drivers\incdrm.sys [2005-01-27 27776]

R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320]

R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2005-06-21 125913]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-08-29 450432]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-28 51968]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-28 21760]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-28 19328]

R3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2002-08-28 84480]

R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2005-01-27 99200]

S1 SABKUTIL;SABKUTIL; \??\D:\program files\SABKUTIL.sys []

S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]

S3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\System32\DRIVERS\avfwim.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2002-08-29 16384]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-08-29 4992]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2001-08-17 83712]

S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-04-10 26112]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2001-08-17 8064]

S3 SABProcEnum;SABProcEnum; \??\D:\program files\SABProcEnum.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2001-08-17 10752]

S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2005-11-07 788480]

S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2001-08-17 14592]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2001-08-17 18560]

S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Gizmo Plugin;Gizmo VoIP Service; C:\Program Files\GizmoPlugin\GizmoPlugin.exe [2008-08-14 962048]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2001-08-28 12800]

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2001-08-28 12800]

S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]

S2 moohelp;The Cleaner 2011 Helper Service; C:\Program Files\The Cleaner\mhelper.exe [2010-03-29 813056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-16 68096]

 

-----------------EOF-----------------

 

 

 

For the info text:

 

info.txt logfile of random's system information tool 1.06 2010-05-14 13:07:19

 

======Uninstall list======

 

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\unmrw.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNNMP.exe /UNINSTALL

-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"

Audacity 1.2.3-->"C:\Program Files\Audacity\unins000.exe"

Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"

Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe

Correctif Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe

CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe

EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly

EyeLoveU 3.5.4-->MsiExec.exe /I{44526086-6CF2-4C15-AE8C-DA4893F82B60}

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Gizmo Plugin-->C:\Program Files\GizmoPlugin\uninstall.exe

HijackThis 1.99.1-->C:\hijackthis\HijackThis.exe /uninstall

HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat

HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

iTunes-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1036

jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools 2006\unins000.exe"

Kit de Connexion MENARA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel

K-Lite Codec Pack 5.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Kodak One-Touch Printing Solution SDK-->C:\KODAKO~1\UNWISE.EXE C:\KODAKO~1\INSTALL.LOG

Logo Design Studio Trial-->"C:\WINDOWS\Logo Design Studio Trial\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Studio Trial\Uninstall\uninstallLDSTrial.xml"

Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}

Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"

Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

PC Camera LI360-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9

Photo-Brush 3.1-->"C:\Program Files\PhotoBrush\unins000.exe"

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE

QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}

Skype 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"

The Cleaner 2011-->"C:\Program Files\The Cleaner\unins000.exe"

Themen aktuell 1-->C:\WINDOWS\APCBTUn.exe Themen aktuell 1

VSO Image Resizer 2.2.0.4-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WOT pour Internet Explorer-->MsiExec.exe /X{DB0BB9FA-1B60-4036-8E29-3D56D8085256}

Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

ZebHelpProcess 2.23-->"C:\Program Files\ZebHelpProcess 2\unins000.exe"

 

======System event log======

 

Computer Name: COMPUTERAOUU706

Event Code: 7

Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Record Number: 13450

Source Name: Cdrom

Time Written: 20100422182809.000000+000

Event Type: erreur

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 7

Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Record Number: 13449

Source Name: Cdrom

Time Written: 20100422182809.000000+000

Event Type: erreur

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 7

Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Record Number: 13448

Source Name: Cdrom

Time Written: 20100422182808.000000+000

Event Type: erreur

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 7

Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Record Number: 13447

Source Name: Cdrom

Time Written: 20100422182807.000000+000

Event Type: erreur

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 7

Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Record Number: 13446

Source Name: Cdrom

Time Written: 20100422182806.000000+000

Event Type: erreur

User:

 

=====Application event log=====

 

Computer Name: COMPUTERAOUU706

Event Code: 1

Message:

Record Number: 1907

Source Name: Gizmo VoIP Service

Time Written: 20100301165258.000000+000

Event Type: Informations

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 4096

Message:

Record Number: 1906

Source Name: InCDsrvR

Time Written: 20100301165246.000000+000

Event Type: Informations

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 0

Message:

Record Number: 1905

Source Name: hpqcxs08

Time Written: 20100301161842.000000+000

Event Type: Informations

User:

 

Computer Name: COMPUTERAOUU706

Event Code: 4096

Message: Le service AntiVir a bien démarré!

 

Record Number: 1904

Source Name: Avira AntiVir

Time Written: 20100301161838.000000+000

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: COMPUTERAOUU706

Event Code: 0

Message:

Record Number: 1903

Source Name: hpqddsvc

Time Written: 20100301161754.000000+000

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\MPEG

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0806

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

Thanks, Apollo

Posted

You should add a 512 MB memory stick to the RAM you already have; that would improve the machine's performance.

Download Ad-Remover by C-XX and save it to the desktop.

Close all open applications to install it.

On Vista: temporarily disable UAC as explained HERE

Double-click (right-click / Run as administrator on Vista) the icon placed on the desktop.

If the firewall pops up, grant the tool the permissions it needs to work.

Click "Scanner" (Scan).

 


 

The report can also be found under C:\Ad-Report.

Copy/paste it into your reply, please.

 

-----------------------------------------------------------------------------------------------

 

2) Double-click (right-click / Run as administrator on Vista) the icon placed on the desktop.

If the firewall pops up, grant the tool the permissions it needs to work.

Click "Nettoyer" (Clean).

 


 

The desktop will disappear; that's normal!

The report can also be found under C:\Ad-Report Clean.

Copy/paste it into your reply, please.

Re-enable Vista's UAC. (If on Vista, of course!)

The home page may have been changed; just set your usual page again via Internet Options.

Then post a new HijackThis log, please.

 

@++

Posted

Good evening, Apollo

Here are the results:

.

======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======

.

Mis à jour par C_XX le 07/05/10 à 16:50

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 19:20:10 le 14/05/2010 | Mode normal | Option: SCAN

Exécuté de: C:\Ad-Remover\ADR.exe

SE: Microsoft® Windows XP Service Pack 1 - X86

Nom du PC: COMPUTERAOUU706

Utilisateur actuel: Computer

.

============== ÉLÉMENT(S) TROUVÉ(S) ==============

.

.

C:\Program Files\Macrogaming

.

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\Software\PopCap

HKCU\Software\SWEETIE

HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}

HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AdVantage

HKLM\Software\PopCap

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}

HKCU\Software\Mozilla\Firefox\Extensions|{A89AED22-9133-424c-88E7-C8235C5FF302}

.

.

============== SCAN ADDITIONNEL ==============

.

* Mozilla FireFox Version 3.6.3 (fr) *

.

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.download.lastDir: E:\\mes documents\\aichanour\\cd

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.selectedEngine: Yahoo

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage: hxxp://www.google.co.ma

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - privacy.popups.showBrowserMessage, false

.

.

* Internet Explorer Version 6.0.2800.1106 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Do404Search: 0x01000000

Enable Browser Extensions: yes

Search bar: hxxp://g.msn.fr/0SEFRFR/SAOS02

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Show_ToolBar: yes

Start Page: hxxp://www.google.co.ma/

Use Custom Search URL: 1

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: about:blank

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Ad-Remover\Backup: 1 Fichier(s)

.

C:\Ad-Report-SCAN[1].txt - 3046 Octet(s)

.

Fin à: 19:42:41, 14/05/2010

.

============== E.O.F - SCAN[1] ==============

 

 

 

 

 

.

======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======

.

Mis à jour par C_XX le 07/05/10 à 16:50

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 19:46:23 le 14/05/2010 | Mode normal | Option: CLEAN

Exécuté de: C:\Ad-Remover\ADR.exe

SE: Microsoft® Windows XP Service Pack 1 - X86

Nom du PC: COMPUTERAOUU706

Utilisateur actuel: Computer

.

============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

.

.

C:\Program Files\Macrogaming

 

(!) -- Fichiers temporaires supprimés.

.

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\Software\PopCap

HKCU\Software\SWEETIE

HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}

HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AdVantage

HKLM\Software\PopCap

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}

HKCU\Software\Mozilla\Firefox\Extensions|{A89AED22-9133-424c-88E7-C8235C5FF302}

.

(Orpheline) BHO: (Java Plug-In 2 SSV Helper) -{DBC80044-A445-435b-BC74-9C25C1C588A9} - (Fichier manquant)

.

============== SCAN ADDITIONNEL ==============

.

* Mozilla FireFox Version 3.6.3 (fr) *

.

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.download.lastDir: E:\\mes documents\\aichanour\\cd

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.selectedEngine: Yahoo

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage: hxxp://www.google.co.ma

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - privacy.popups.showBrowserMessage, false

.

.

* Internet Explorer Version 6.0.2800.1106 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Ad-Remover\Backup: 14 Fichier(s)

.

C:\Ad-Report-CLEAN[1].txt - 3360 Octet(s)

C:\Ad-Report-SCAN[1].txt - 3170 Octet(s)

.

Fin à: 20:09:35, 14/05/2010

.

============== E.O.F - CLEAN[1] ==============

 

 

 

Thanks :P

Posted

Well, what about my little HijackThis log?

You can uninstall Ad-Remover :P

Is the weather nice where you are? Because here it's the month of May, but the heating is still running full blast. :P

 

@++
